Microsoft Zero-Day Security Intelligence Report
Microsoft has released its latest Security Intelligence Report. It focuses on zero-day exploitation and the risks Microsoft customers face from it.
The analysis looked at threats detected by the Malicious Software Removal Tool (MSRT) during the first half of 2011.
The key findings revealed that:
- Over one third of malware detections analysed were attributed to malicious software that misused the AutoRun feature in Windows
- These AutoRun threats were divided between those that spread via removable volumes (26 percent) and those that spread via network volumes (17 percent)
- Microsoft took several steps to help protect customers, including releasing an automatic update for XP and Vista in February to make the AutoRun feature more secure.
- Approximately six percent of the MSRT detections analyzed were attributed to exploits.
- None of the top families in the MSRT were documented as using zero-day exploits in the period analysed.
- Out of all the vulnerability exploitation detected by the MMPC, less than one percent was zero-day exploit activity.
Overall, vulnerability severity has gone down. Medium and high severity vulnerabilities were down 6.8 percent and low complexity vulnerabilities were down 41.2 percent from the previous 12-month period.
The most common types of exploits found were those targeting vulnerabilities in Oracle Java Runtime Environment, Java Virtual Machine and Java SE. Java exploits were responsible for between one third and one half of all exploits observed in each of the four most recent quarters.
On an enterprise level, worm families accounted for the three most common malware families detected on domain-joined computers. Win32/Conficker and Win32/RealVNC were significantly more prevalent on domain-joined computers.
The volume of spam being blocked decreased dramatically over the past 12 months, mostly because two major botnets were taken down. Image-only spam messages dropped to 3.1 percent of the total, down from 8.7 percent in 2010.
While financial sites have typically been the preferred target for phishers, the report found that it was social networks that had become the primary target – 83.8 percent of impressions in April. Financial institutions were the second most targeted.
In the report, Microsoft makes strong recommendations on how organisations can protect themselves. Points include:
- minimise and monitor your attack surface
- create a social engineering incident response plan
- create a plan for addressing social engineering in your organisation
- keep software up to date
- drive awareness and train your organisation
- encourage behaviour you want and enforce where necessary
At a time when there is a lot of press on high-profile hacks, this report shows how much progress is being made in reducing vulnerabilities and the success this is having. However, it is clear that business owners still need to take a lot of the responsibility for protecting themselves.